Team Security

Each team needs to take basic security precautions:

  1. Disable teammate accounts after more than 3 months of inactivity
  2. Change passwords for shared root accounts every 6 months. For example, web panels with serial console access should have their passwords reset. This basic precaution limits the damage if a shared password has leaked.
    • Make sure to share the new passwords with your teammates!
  3. Check /etc/doas.conf, /etc/group, and /etc/master.passwd (edit the password file only with vipw, to prevent file corruption) to make sure that only authorized users are present
  4. Check file permissions. If your mail is configured properly, you should receive a daily email from root that lists your file permissions. Check /etc/master.passwd in particular
  5. Check /var/log/authlog with:
    1. $ doas zgrep Accept /var/log/authlog{,.[0-9].gz}
  6. Check /var/log/secure for any unusual logins
  7. Search for any unusual processes in the output of $ ps auxw
  8. Search for any unusual cronjobs in /var/cron/tabs/, especially /var/cron/tabs/root
  9. Check to make sure you don't have any unexpected setuid root binaries
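A small audit helper for steps 3, 5 and 9 above (added example, not part of the original checklist). Every function takes the files or directory to inspect as arguments, so it can be tried on constructed sample data first and then pointed at the real /etc/master.passwd, /var/log/authlog* and /. The allowlist and setuid baseline files are assumptions: the team keeps them itself.

```shell
#!/bin/sh
# Added helper for checklist steps 3, 5 and 9 (example code, not from the
# original page). Functions only; call them with the files to inspect.

# Step 3: login names in a master.passwd-style file that are NOT in an
# allowlist (one name per line, kept by the team). A surprise entry is a
# finding to follow up on, not noise.
unauthorized_accounts() {  # $1 = passwd file, $2 = allowlist file
    cut -d: -f1 "$1" | grep -vxF -f "$2"
}

# Step 5: count accepted sshd logins per (user, source address) across plain
# and rotated gzip'ed authlogs; zcat -f passes uncompressed files through.
accepted_logins() {  # $@ = authlog files (plain or .gz)
    zcat -f "$@" | awk '
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  u = $(i + 1)
                if ($i == "from") h = $(i + 1)
            }
            n[u " " h]++
        }
        END { for (k in n) print n[k], k }' | sort
}

# Step 9: setuid files owned by a given user (root by default) below a
# directory; -xdev keeps find from wandering onto other mounted filesystems.
setuid_files() {  # $1 = directory, $2 = owner (default root)
    find "$1" -xdev -type f -perm -4000 -user "${2:-root}"
}

# Step 9, continued: "unexpected" only means something against a baseline.
# Save the sorted output of setuid_files once after installation (assumed
# baseline file), then diff against it: lines printed here are setuid
# binaries that are not in the baseline.
new_setuid_files() {  # $1 = directory, $2 = sorted baseline file, $3 = owner
    setuid_files "$1" "$3" | sort | comm -13 "$2" -
}
```

On the real host run these with doas, e.g. `doas sh -c '. ./audit.sh; accepted_logins /var/log/authlog /var/log/authlog.[0-9].gz'`, since authlog and master.passwd are not world-readable.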